Posted by CmdrTaco on Saturday March 05, 2011 @07:55AM from the wo-ist-jones dept.

jfruhlinger writes "Looking to solve the problems of spam, phishing, and unconfirmed email identities, Germany is betting very, very big. The country will pass a law this month creating 'De-mail,' a service in which all messages will be encrypted and digitally signed so they cannot be intercepted or modified in transit. Businesses and individuals wanting to send or receive De-mail messages will have to prove their real-world identity and associate that with a new De-mail address from a government-approved service provider. The service will be enabled by a new law that the government expects will be in force by the end of this month. It will allow service providers to charge for sending messages if they wish. The service is voluntary, but will it give the government too much control?"

Yup. Sounds like a bad joke right? A new messaging standard, incompatible with everything else, that doesn't even do end-to-end encryption! It's pathetic. It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers, like missing a "registered email". Oh, and you'll be charged per mail! The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

Spam has not been solved, just covered up. It is a pointless waste of incoming bandwidth and server power (if you do your own filtering). This would do nothing to stop spam either, it doesn't matter if you know the identity of the sender if the sender's machine is a zombie. There will always be more idiots with compromised machines.

...it doesn't matter if you know the identity of the sender if the sender's machine is a zombie.

Depends on how it is designed. If the system required that each server in the chain be a trusted server that signs the message with a valid SSL certificate, then the spammers would have to either buy a cert for each individual zombie (too expensive to be profitable) or tie them all to a single domain name and cert that could then be trivially blocked (either by revoking the cert or by blocking mail from that dom

This is not a problem of encryption or SSL. Zombies can simply bypass all security measures by emulating the end user.

Think of a zombie that opens up your copy of Outlook Express, fake-clicks "Create new email message", types something about penis enlargement, types in a hundred addresses, then fake-clicks "Send". As far as the entire chain of email is concerned, the email came from somersault@example.com. You (and by you I mean your computer acting on your behalf) sent the spam, so De-mail could block y

Zombies can simply bypass all security measures by emulating the end user.

Not really. An end user's ISP typically has throttling in place such that if the user tries to send millions of emails out in a day, they A. will not go through, and B. will result in the user's account getting disabled rather quickly. If spammers are not able to run their own SMTP servers on zombie machines, spam ceases to be profitable, as it requires being able to send out huge volumes of email in a short period of time, and con

Changing the subject doesn't invalidate my previous point. Your previous comment was talking about spam being thwarted by SSL, but that's what zombies easily bypass. Each zombie could easily send out 100 emails a day and not trigger "suspicion" flags at the ISP level. With a hundred thousand zombies, that's ten million spams that the security software would never catch. And I'd bet that a competent botherder could probably quote each major ISP's spam threshold from memory, so if Comcast's throttle is 1,

Each zombie could easily send out 100 emails a day and not trigger "suspicion" flags at the ISP level.

The fact that spam bots can masquerade as the user is largely irrelevant. The reason we have spam is ultimately that there's no good way to verify that a message was sent by a given sender.

The only reason spam is possible with authenticated mail clients is that the ISPs require all outgoing mail to go through their servers, and thus the ISPs are forced to not do comparisons between the ISP's mail drop use

Until any email to _any_ government agency (applications for services, jobs, taxes, etc, etc, etc) _requires_ you to use this service...
Until any company wishing to do business with the government is _forced_ to use this service to keep their contract...

There are ways to make sure it's not a "dud", if they are willing to make the laws, and it sounds like they are.

The worst outcome would be if people ended up using it, but at this point I'm guessing it'll be a huge dud; some government entities will support it, as will a few corporations, but that's it.

I don't think they will be so lucky. I'd bet the government will require it for some communication and account access. Over time it will become more inconvenient to have multiple email accounts and people will just default to using de-mail.

I can see the commercial sector driving adoption on its own. As a business, I might ask all business to be transacted through De-mail to ensure legitimacy of contracts and payment. Or as an insurer, I might offer reduced rates of coverage to business transactions that take place over De-mail, as I would trust them to have less chance of being fraudulent.

Hmmm, I haven't gotten much info about this, but IIRC it's not really about replacing or upgrading E-Mail, but rather about replacing snail-mail entirely. Documents with signatures and so on can now be sent as e-mail instead of in quaint old envelopes...

Really? Here in Germany they're not always accepted on the other end. This would allow people to verify that the signed document actually came from the person who supposedly sent it...

I didn't say that anybody accepts (or sends out) signed emails. I said it's already possible to sign emails, so there's no reason to come up with an alternate infrastructure. Instead of spending X to get government services and a few companies to use de-mail, they could have spent Y << X to get government services and a few companies to install GPG. Of course that'd result in widely deployed public cryptography -- including strong end-to-end encryption -- something that must not be.

They're spending a lot of money implementing a new technology to accomplish something that old technology would have done cheaper and better, and they're enforcing uptake of the new, inferior technology by legislative means, at the same time obstructing the uptake of the better alternatives.

I'd love to have widely adopted secure end-to-end non-repudiable email, but I think it will be a cold day in hell before *any* government will support a standard that doesn't permit them to read the email at will.

"It purports to solve problems that are already pretty much solved -- spam, reliable delivery -- while not solving all the difficult ones and introducing new dangers for the customers"

A strange conclusion. I don't see how spam has been "pretty much solved" at all. Current anti-spam techniques are far from ideal and phishing is an extremely serious, still-emerging, problem. Also, making wild predictions on a technology's uptake upon initial announcement is a complete guessing game. If you could know for sure

As a native German, I can confirm this. Encryption is only used for client-server communication.

There are further flaws in the concept. For example, our government lately decided that de-mail addresses do not have to be visually distinguishable from other mail addresses (i.e. de-mail addresses do not share a common tld, nor do the tlds have to contain something like "de-mail"). Instead, they came up with the idea that email client vendors could implement a mechanism for telling users whether an email addre

Bob Crow, head of the Transport Workers union in the UK, was being interviewed by David Mitchell, of Peep Show fame, and suggested that there should be a 1p charge on all emails being sent as a way to cut the UK deficit. Now the idea was treated with mild scorn by Mitchell and everybody laughed at it, but if it means we could pay for a few more nurses and it stops people sending me links to cat videos then I'm broadly in favour.

DHL, i.e. "Deutsche Post", isn't participating in De-Mail at all. Since the basic purpose of De-Mail was to obsolete a large part of legally binding snail mail, and Deutsche Post realized they would be hit the hardest by this, they developed their own competitive service called "Deutsche Post ePostBrief", which works exactly the same as De-Mail, but of course isn't compatible with De-Mail, so you can't interchange legally binding emails between providers. Deutsche Post is kinda alone in their camp, since basica

Then why not use existing standards? We already have S/MIME, which allows a digital signature to be used to sign and encrypt mail. Simply pass a law saying that emails with S/MIME encryption and a certificate signed by the government's CA are viewed as legally binding. Then, anyone can continue to use existing clients, can continue to use existing servers, and can just get a certificate signed by the government if they want to opt in to this.
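Added example, not from the original thread and not code from any De-Mail or ePostBrief software: the S/MIME round trip the comment above proposes, done with the stock openssl command line. A throwaway CA standing in for "the government's CA" issues one user certificate; that user clear-signs a message, and the recipient verifies it with nothing but the CA certificate. Two negative cases follow: the signed text is edited in transit, and a second sender signs with a key the CA never vouched for. The CA name, the users Alice and Mallory, and the invoice text are all invented for the demo; it assumes openssl 1.1.1 or newer, mktemp and sed in PATH.

```sh
#!/bin/sh
# Added example, not from the original thread: an S/MIME sign/verify round
# trip with the openssl CLI, showing what "a certificate signed by the
# government's CA" buys a recipient. Everything named here is invented for
# the demo (the CA, Alice, Mallory, the invoice). Assumes openssl >= 1.1.1.
set -eu

# Create the CA, Alice's CA-issued certificate and Mallory's self-signed
# certificate inside directory $1.
smime_setup() {
  dir="$1"
  # Hypothetical government root CA (self-signed; openssl marks it CA:TRUE).
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/C=DE/O=Hypothetical Government CA/CN=Hypothetical Root" \
    -keyout "$dir/gov-ca.key" -out "$dir/gov-ca.crt" 2>/dev/null
  # Alice proves her identity to the CA out of band and submits a CSR.
  openssl req -new -newkey rsa:2048 -nodes -sha256 \
    -subj "/C=DE/CN=Alice Example/emailAddress=alice@example.de" \
    -keyout "$dir/alice.key" -out "$dir/alice.csr" 2>/dev/null
  # Extensions restricting the issued certificate to e-mail signing.
  printf '%s\n' \
    'keyUsage = critical, digitalSignature, nonRepudiation' \
    'extendedKeyUsage = emailProtection' \
    'subjectAltName = email:alice@example.de' > "$dir/alice.ext"
  openssl x509 -req -sha256 -days 1 -in "$dir/alice.csr" \
    -CA "$dir/gov-ca.crt" -CAkey "$dir/gov-ca.key" -CAcreateserial \
    -extfile "$dir/alice.ext" -out "$dir/alice.crt" 2>/dev/null
  # Mallory has a perfectly good key pair, but no certificate from the CA.
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -subj "/CN=Mallory/emailAddress=mallory@example.net" \
    -keyout "$dir/mallory.key" -out "$dir/mallory.crt" 2>/dev/null
}

# smime_sign CERT KEY INFILE OUTFILE: clear-signed multipart/signed message,
# so the text stays readable by clients that know nothing about S/MIME.
smime_sign() {
  openssl cms -sign -text -in "$3" -signer "$1" -inkey "$2" -out "$4"
}

# smime_verify CAFILE MESSAGE: succeeds only if the signature is intact and
# the embedded signer certificate chains to CAFILE (default purpose: S/MIME).
smime_verify() {
  openssl cms -verify -in "$2" -CAfile "$1" -out /dev/null 2>/dev/null
}

# Runs the three checks; prints "ok" only if all of them behave as expected.
run_demo() {
  dir=$(mktemp -d)
  smime_setup "$dir"
  printf 'Invoice 4711: please pay 100 EUR by 31 March.\n' > "$dir/invoice.txt"
  smime_sign "$dir/alice.crt" "$dir/alice.key" "$dir/invoice.txt" "$dir/from-alice.msg"
  smime_sign "$dir/mallory.crt" "$dir/mallory.key" "$dir/invoice.txt" "$dir/from-mallory.msg"
  # Someone in the path edits the amount; the detached signature no longer matches.
  sed 's/100 EUR/1000 EUR/' "$dir/from-alice.msg" > "$dir/tampered.msg"

  result=ok
  smime_verify "$dir/gov-ca.crt" "$dir/from-alice.msg" || result="genuine message rejected"
  if smime_verify "$dir/gov-ca.crt" "$dir/tampered.msg"; then result="tampered message accepted"; fi
  if smime_verify "$dir/gov-ca.crt" "$dir/from-mallory.msg"; then result="untrusted signer accepted"; fi
  rm -rf "$dir"
  echo "$result"
}

run_demo
```

The recipient side holds a single file, the CA certificate, and needs no account with any provider: the signer's certificate travels inside the message and is checked against that anchor. Note that this proves who signed the message, not who received it; the delivery-time semantics the thread discusses further down are a separate problem that S/MIME does not address.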

Yes, I'm sure that is interesting. But why not use DNSSEC, SSL/TLS certificates, SSL/TLS Certificate Authorities and DKIM, which already solve all these problems.
1. SSL/TLS certificates are created by the Certificate Authorities
2. SSL/TLS encryption for communication between mailservers
3. SSL/TLS encryption with authentication for delivery from the user to the mailserver
4. DKIM signing of the e-mail on the mailserver to verify that the mail came from the user
5. DNSSEC to publish the DKIM key
6. DNSSEC to ver

Nobody prohibits you from using your gmail account; this is just that when dealing with state offices (e.g. tax office, land registry, local authorities, voting), their registered email would be useful.

You may be able to encrypt beyond the government's ability to decrypt. But how can you handle a court forcing you to reveal the contents? Worse yet, I would not be so certain that simply using encryption may not in itself be enough to attract one of our current star chamber types of discovery. Freedom of speech is not lost at the moment it is squelched. The freedom to speak dies the moment you u

You may be able to encrypt beyond the government's ability to decrypt. But how can you handle a court forcing you to reveal the contents?

IANAL, but at least in the USA, the fifth amendment protects you against self-incrimination. I do not think you can be compelled to divulge an encryption key if doing so would provide any evidence you committed a crime. Any decent lawyer and/or the ACLU could probably prevail with this argument in court.

The trick, of course, is that the prosecution will typically give another party who has access to the encrypted data immunity from prosecution, so the 5th amendment does not apply. Then that party can be c

Anything sent via snailmail that is expected to be time sensitive and/or legally binding would require a signature, it would not just be left in the mailbox.

Or it would be sent via FedEx or UPS, again requiring a signature.

Not so sensitive items, bills and such, don't require a signature, but you're still on the hook. Mail carrier left the door to the mailbox open, and your mortgage payment invoice got blown down the road? You are still on the hook for the payment.

Mail delivered to these accounts will count as delivered to the recipient, so any respite associated with the delivery starts running. Don't read your email regularly - miss deadlines.

How is this different from mail delivered to your snailmail box? "I wasn't at home" has not been a particularly good excuse for a very long time.

Actually that is a very, very good excuse when you require proof of delivery/acceptance, since those are usually signed for. Recipient not there to sign? No proof of personal delivery. The difference with DE-Mail is that messages count as delivered when they hit your service provider, no matter whether you read your account or not. This can have far-reaching consequences under German law.

The lack of end-to-end encryption is another matter entirely, and a rather obvious strategy to ensure that the government can eavesdrop. So much is clear.

Yes, and the lies and bullshit they spew when defending this are even more so. Too bad too few people will get the messag

IIRC, this is not true. In particular the kind of mails that involve legal proceedings can be considered as delivered even if you weren't there. It sometimes is even written explicitly on top that for legal purposes you were there personally. German laws are strange.

There was a reason I put in "personal" there;-) You can get products like proof of delivery (Einschreiben Einwurf) which do not prove you personally received it, but which do prove that the letter was delivered to the address given. Then there is a product with proof of PERSONAL delivery (Einschreiben eigenhändig), which proves the recipient has personally received the piece of mail (but which also requires the recipient to sign for it of their own volition).

> How is this different from legal messages arriving in your physical mailbox when you are away (in hospital/on vacation)?

You claim to the sender (and have to prove it if he disagrees) that you were not able to retrieve the letter for that reason and any deadline has to be restarted. The legal term is restitutio in integrum (although it seems the US uses restitutio in integrum only for damages?).

From the sound of it, it'll almost inevitably end up costing money. With that in mind and by the powers vested in me by absolutely nobody in particular, I hereby dub it "feemail".

(One *could* say that it is supposed to be a kinder, more respectable alternative to the rough-and-tumble wild west of existing (e)mail, but then there are those who think it's just a prettier version that will inevitably cost a bunch of money.)

This is the fault of email client developers. I haven't used KMail in quite some time (I've since switched to a GTK/XFCE desktop so Claws-Mail is the client of choice these days), but when I had a KDE 3.x desktop, I remember that I was struck by how seamless KMail made GnuPG, even S/MIME. If all email clients made GnuPG as seamless as KMail, you'd see more use of encryption.

Really, encryption need not be difficult, not much more difficult than typing https or getting redirected to https when you just t

I completely agree. Lack of widespread email encryption is likely the fault of webmail developers and Microsoft (with regards to Outlook) not supporting the encryption in their interfaces. And of course they wouldn't; it's completely contrary to the interests of a large corporation to give its customers privacy.

On the other hand, I use Evolution for my email, and it supports GPG out of the box. When writing a message it's a simple matter of checking a box in a menu at the top to encrypt it; two boxes for si

I don't encrypt email for the same reason. It's secure enough for its purpose. Certainly a lot more secure than regular postal mail sitting in a letter box next to the road. Email encryption really needs to become integrated as a standard within the clients. I think encryption as a whole will become much more widespread over time, especially with today's governments.

It provides SSL encryption on servers protected by Canadian laws, including Canadian privacy laws. While they respect U.S. court orders, there's no reason to believe that such orders could be executed in secret outside an investigation of a crime recognized by both Canada and the U.S.

PGP is stronger, but people aren't using it, so practical applications are limited.

From a security-conscious standpoint, the fact that Hushmail has the capability to read their users' emails is a concern. Never mind that they only said they'd do it if the government told them to (which should be no real comfort at all). As we've been saying to the FBI recently, any backdoor at all could potentially make the entire system worthless because there's no way to guarantee control of who uses it.

PGP, on the other hand, has no central authority that can give up your communications. No need to tru

I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, which is what I said when it was first described to me years before the DEA bust.

U.S. court orders

Court orders should not result in plaintext being produced by a third party, regardless of why the orders were issued.

"I might as well not even bother with encryption if I am going to turn to "laws" to protect me. Hushmail is snake oil cryptography, "

I disagree here. While it's true that you can't expect any service provider to protect you more than the laws permit, if you choose those laws, the situation and the country very carefully, you can ensure that the service provider has more to lose than you do.

The idea that a company is going to break the law arbitrarily with your data is paranoia. Your landlord could bug

Email is different from physical home security, and to compare the two I think is a bit of a red herring.
That DEA case referenced where Hushmail hacked their user to get the password to decrypt their private key and stored messages shows a fundamental weakness in their system's design. I would never leave my private key on someone's server, even if it's encrypted. It's just too tempting for a government agent to strong-arm the provider into doing exactly what Hushmail did. Court order? Sure, they complied w

Why would I volunteer to use a government sponsored program that I may get charged for when I can just use Enigmail in Thunderbird, or gpg the message otherwise?

Second problem: "It will allow service providers to charge for sending messages".

Major fail. It sounded almost good until I read that.

As a sender, you get to deliver stuff to DE-Mail addresses and they count as legally delivered. This is going to be very good to have for collection agencies or governmental agencies. Senders also get to save a bit compared to paper delivery while legally on the same footing. Senders also get proof of identity for the recipient. Senders get to spout bullshit about using the latest and most secure email standard ever.

- it cost a fortune to deploy
- one message costs an equivalent of about 1 USD, which means no one uses it except for communicating with the government
- it relies on a proprietary (although free as in beer) rather obscure application for Windows; fortunately a non-profit foundation later developed a cross-platform library for accessing the mailbox
- once you register into the system, any official letter you get is automatically considered delivered, so you cannot deny receiving it; that's why any sane lawyer will discourage you from ever getting such an account unless you are obligated to

Obviously, because so much money already burnt, the mailbox system is here to stay.

approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

( ) Spammers can easily use it to harvest email addresses
(x) Mailing lists and other legitimate email uses would be affected
( ) No one will be able to find the guy or collect the money
( ) It is defenseless against brute force attacks
( ) It will stop spam for two weeks and then we'll be stuck with it
(x) Users of email will not put up with it
( ) Microsoft will not put up with it
( ) The police will not put up with it
( ) Requires too much cooperation from spammers
(x) Requires immediate total cooperation from everybody at once
( ) Many email users cannot afford to lose business or alienate potential employers
( ) Spammers don't care about invalid addresses in their lists
( ) Anyone could anonymously destroy anyone else's career or business

(x) Ideas similar to yours are easy to come up with, yet none have ever been shown practical
( ) Any scheme based on opt-out is unacceptable
( ) SMTP headers should not be the subject of legislation
( ) Blacklists suck
( ) Whitelists suck
( ) We should be able to talk about Viagra without being censored
( ) Countermeasures should not involve wire fraud or credit card fraud
(x) Countermeasures should not involve sabotage of public networks
(x) Countermeasures must work if phased in gradually
(x) Sending email should be free
(x) Why should we have to trust you and your servers?
( ) Incompatibility with open source or open source licenses
( ) Feel-good measures do nothing to solve the problem
( ) Temporary/one-time email addresses are cumbersome
(x) I don't want the government reading my email
( ) Killing them that way is not slow and painful enough

Furthermore, this is what I think about you:

( ) Sorry dude, but I don't think it would work.
(x) This is a stupid idea, and you're a stupid person for suggesting it.
( ) Nice try, assh0le! I'm going to find out where you live and burn your house down!

Yeah, funny, but done correctly it would be a system parallel to the regular emails, that would be used to send official mails like tax declarations or agreement of a contract. The government would not have to be able to read the content of the email. I think this is not about fighting spam, but fighting scams.

Ultimately, the main problem I see with this is that many people will have trouble with keyloggers and rootkits, but having a centralized government sponsored identity checker for crypto message

Cryptographically signing emails has been possible for decades. The government could have led by example by simply doing that on a wide scale, encouraging businesses to do the same. For instance, after buying stuff online, you unfailingly get an invoice per mail, something I think businesses are pretty much required to do (if they don't snailmail it, of course); why not just require them to sign it for it to be a valid invoice. Of course, signing and encrypting go hand in hand, and LEO and the interior int

... they better forget it. It costs from 55 eurocents to send one "email" (to multiple euros if you want confirmation, even if there is no snail-mail/paper involved). The interface is arcane with no 3rd party integration, of course there's no end-to-end encryption (and the "mails" are way less legally protected than normal post) and there are some really nasty conditions attached:
- you have to check your mail EVERY WORKING DAY (that includes Saturdays, not that it matters)
- you can't delegate this "check mail" duty to anybody (note that there isn't anything wrong in leaving your wife/neighbour/etc in charge of your physical mailbox if you trust them).

There is a reason I do not want my online profile linked to my real life person. Or at least as little as possible.

It is also the reason I did not participate in a GPG signing, as I would then have to identify myself with my real life name. Thanks but no thanks. (Could be that other signings are different. No idea.)

If it needs be, I can drop my online alias and create a new one. e.g. if in 20 years people want to kill me because of something I said that is acceptable now. My boss looking for whatever inform

It's beautiful how you came up with that simple idea all of your own, and so elegant! Implementation is not something to worry about, that's for the people who don't have ideas, they can do that easy work. Go plebs, implement!

I deduct points for not mentioning CompuServe and it not having any spam. I mean come on, that was so easy to reference!

Yep, I used to work for Telecom Gold (Dialcom) on the billing side (I wrote the core of the X.400 billing system), and you don't want to go back to that era: 20p a mail plus tiered data charges on top of that.

The implication then, is that reflection on what should be is a waste of time.

Good thing that Gandhi did not feel that it would be a waste of time to even contemplate ways to evict the British.

The US political system is very messed up. Any concept for how to truly fix it is inconceivably difficult to implement. Therefore, according to your thinking, let's not even think about it, since it is a waste of time. Let's only think about what is easy to do.

That's an interesting reading of what I said, albeit entirely untrue. The implication is not that we should not try to better ourselves, the implication is that we should not go the way of knee-jerk thinking that sees a very simple solution to a very hard problem and makes that simple solution be the silver bullet. Making email cost money is a very elegant and simple solution with one caveat -- it does not work. This has nothing to do with Gandhi or not trying to find a good solution to the spam problem (co

I am sorry for misinterpreting your intention. I actually thought about it after I posted my response. I realized too late that you were only saying that the "pay for email" solution was un-implementable. And I agree with you completely about the sound bite culture that we live in. I am not quite as sure though that a solution cannot always be reduced to its essential ideas and expressed concisely: I don't know. Perhaps.

If the sender's e-mail server is charging the penny, how does the recipient's server verify that the penny has actually been collected? If it means only accepting e-mail from servers at known ISPs, you're going to break most business e-mail servers. Also, it's essentially just a whitelist, so why not just implement a whitelist and forget about the money.

If the recipient's e-mail server is charging the penny, how do you verify who sent the e-mail so you know who to charge? Also, even if you do get rid of spam, you just created a new replacement fraud. The spammers infect a million computers and get them each to send one e-mail to random addresses at the spammer's e-mail server. Voila, the spammer gets to collect $10,000.00. How many people are going to notice their e-mail bill is off by a couple of pennies that month?

This is setting aside that the financial system isn't really prepared to handle billions of one penny transactions every day. You can aggregate, I suppose, but who verifies all the e-mail servers are doing their bookkeeping properly?

That problem was solved 20 years ago. Some nifty crypto does the trick. There are, in fact, plenty of decentralized electronic currency implementations around. Their problem is that nobody uses them.

Yet another example of either clueless politicians attempting to do "a good thing" all the while creating an over-regulated, technically inferior system, or the clever attempt to get yet another way of snooping on the people while making them "feel good and safe"... The good thing at the moment is that it's not mandatory to have or use the POS email service. At the prices currently discussed (55 euro cent per email, the same as for a regular letter!), I doubt it will find many people who are interested in usi

There are already standards for authenticating the sender of mail and encrypting the contents of those mails; it would be far better to encourage use of these existing standards rather than come up with something completely new and incompatible with everything else.

This is a completely retarded idea. It was thought up by people who think email works like the postal service. What it does great is accumulate control and bureaucracy where it is not needed; what it does badly is any kind of security.

If the federal government of Germany wanted to actually effectively help people secure their online communication, they would certify actual end-to-end encryption and electronic signature programs for official use, and provide some kind of root CA (or the PGP equivalent). Inst

The idea that this idea is retarded is retarded. Simply put, when you add a pay-per-use campaign on emails, not only does it give you more of a paper trail, it allows the people sending out spam to know they are infected, and after a few times of being charged by their ISP for this extra email, of which I agree there should be a cap so as not to offend too much those owners, maybe say a cap of $25 a month for all the emails their infected PCs put out... then they could be made to know that this will occur every

After 10 years of posting about this, the Germans come out with it; it's about bloody time! Now we will see a sharp decline in spam emails... just you wait and see. Citing past posts does nothing for my karma, but if you want to see some of them, just check some rants and raves from my past about email spamming.

As far as I can see, everything this service provides has been done better for free elsewhere. Nothing novel. But it'll probably be pushed hard by the German government, and if it works even poorly then other governments will follow their lead, because since what happened in Egypt, Tunisia and Libya, governments the world over are suddenly terrified of the net.

This is the way to go, it is what I use when I want to send encrypted email. There are some big problems with PGP/GPG where government could help, these are:

not enough people use it. A government push would speed adoption, if government departments use it then others will follow -- that is probably all that they need to do.

helping with key management and verification. I would be happy to pay a small charge (say £10 one off) to have my key verified against passport,...

Once they have done that then the normal commercial forces would kick in: some people would pay for s/ware that works, others would use FLOSS; it doesn't really matter -- it is the standard that is important.

Right on. All I'd have to do is to trust the German key (they could publish the fingerprint in Frankfurter Allgemeine Zeitung or something) and
I could communicate with anyone in .de.

And that is why I resent the "OMG I would never trust a system where the government is involved!" comments here.
Handing out public identities for people is precisely what governments *are for*.
Without the government, we are clearly stuck where we are today: with unsigned and unencrypted mail.